Security researchers from IBM Security have warned that a strain of banking Trojan, dubbed TrickBot, is escalating attacks against UK banks and financial institutions. The operators of the malware have launched five campaigns this month alone, it has been revealed.

In its current configuration, the financial Trojan is targeting a slew of private banks, wealth management firms, investment companies and insurance businesses, claimed LimorKessem, one of the top cyber-intelligence experts at IBM's X-Force, in a blog post this week (27 April).

If successful, the hackers' website will look identical to the targeted page, and real credentials will be compromised if a victims fails to notice any change. The malware has grown from three major campaigns-per-month to five in April 2017 alone, the experts found.

Kessem said: "It is possible that TrickBot's operators are increasing their spam runs in the target geographies and attempting to infect more endpoints before going into an attack phase next. In terms of its attack types [...] its signature moves are browser manipulation techniques.

"The expanded target list, as well as the focus on new brands and high-value account types, means that this nefarious group is setting its sail and likely plans to deploy its crimeware in new territory."

TrickBot first emerged in mid-2016, likely from the ashes of a previous malware strain, and caused a splash by targeting financial institutions across Asia, Australia and New Zealand, later evolving to hit the UK, Germany and Canada. The identity of its operators remains a mystery.

In November last year, malware researcher LiorKeshet described TrickBot as "undoubtedly the work of professionals who have been around the banking Trojan scene for some time."

He elaborated: "These experienced fraudsters are apparently well-versed in the modern features common to the types of malware banks reckon with nowadays. We expect to see this Trojan evolve its anti-security and anti-research techniques."